I guess Signal’s probably less prone to letting attackers pose as other people than the phone system, but the phone system is abysmal.
Could probably benefit from some sort of trust system(s), like X.509 certs for organizations, or GPG keys for a distributed web of trust or something, and adoption of calling practices that aren’t vulnerable to this. Needs to be a few simple steps that people can be told to follow, not a constantly moving target that requires information security familiarity.
Or you know… bear with me on this crazy idea (obviously for government, not us), maybe we need to… make sure government communication uses government infrastructure, which the government can directly trace, and identify who is in, etc…
Nah
The fundamental flaw with the phone system is it’s all or nothing. It’s difficult to get in, but once you’re in there’s zero controls (DNS used to and somewhat still does also suffer from this).
The phone system doesn’t have a way to identify people other than Caller ID, and that’s vulnerable to various forms of spoofing.